Busted - British, Russian Authorities Nail DDoS Ring

22 July 2004

Britain's National Hi-Tech Crime Unit (NHTCU) and Russia's Ministry of Internal Affairs (MVD) yesterday announced they have arrested three men in Russia who are believed to have played a large role in the wave of distributed denial of service (DDoS) attacks that have plagued online gambling operators for nearly a year.

The culprits, three men of ages 21, 22 and 24, were apprehended in raids in St. Petersburg and in the Saratov and Stavropol regions of southwest Russia.

According to Reuters, a source at the British Embassy in Moscow stated that, "These were the main people behind the organization. They were coordinating it and laundering the money."

The NHCTU said two of the suspects were technically proficient, while the third was the "money man."

The men haven't been charged, but investigators believe they were the ringleaders of the operation. The MVD and NHTCU are continuing their investigation and speculate that computers confiscated during the raids could lead to more information about the crime ring and perhaps even more arrests.

Police in November 2003 arrested 10 members of the same criminal gang in Riga, Latvia. Those arrests helped investigators identify money transfer records and eventually locate the leaders of the group.

The NHTCU credits government and law enforcement agencies in Australia, Canada, Estonia and the United States with lending assistance. Businesses, both in the United Kingdom and abroad, were also very helpful.

"The success of this operation is built on the foundation of international partnerships between law enforcement and business," said Detective Chief Superintendent Len Hynds of the NHCTU. "The more we work together in the fight against organized crime, the safer the U.K. will be for business."

Hynds added, "Thanks to the response of all the parties involved, we have helped to dismantle a determined group of organized criminals. The clear message we are sending is that if you attack firms based in the U.K., we will find you and stop you."

The NHCTU declined to comment on which sites the culprits allegedly attacked, and for now there is no indication of what percentage of DDoS attacks on I-gaming Web sites the men are responsible for orchestrating.

Detective Superintendent Mick Deats doubts this gang is the only one preying on Internet sports books. "These won't be the only people doing this," he said, "but we hope with this operation that we are sending out a message that we are going after these criminals."

Blue Square's Ed Pownall seems to agree. "It's great news, but at the same time I don't think we are ever going to be bulletproof," he told the Racing Post

Most operators have already deployed hardware solutions to combat the increased flood of bogus traffic that occurs during a DDoS attack, but are still of wary of attacks. David Hood, a spokesperson for William Hill, said his company started investing in software solutions for preventing and reducing attacks in October 2003. He added, however, that "arresting these criminals and removing their threat is the ultimate resolution to the matter."

Though it seems that the largest investigative effort came from Britain's NHTCU, which eventually enlisted the assistance of Russia's MVD, the extortion scam did not affect only sports books in Europe. Most documented attacks early on targeted Caribbean and Central America-based bookmakers that service the U.S. market. Their status as offshore gambling operations regulated by small governments prevented their direct access to strong international police and investigative units such as those the United States could provide.

Betting companies in these regions were naturally elated to learn of the arrests. David Carruthers, CEO for Costa Rica-based BetOnSports, said, "We welcome the success by law enforcement in making progress in combating this issue. This is an area that won't go away. We have to be strong and vigilant."

The first wave of wide-scale attacks likely occurred around September 2003. The Financial Times caught wind of the situation in November and reported that over a dozen I-gaming sites targeting the U.S. market had been crippled by DDoS attacks since September. The number is likely to be higher than that; however as the initial reaction from most operators was to suppress news of the attacks. Many feared that if their customers learned their sites were vulnerable to hackers, they would cease to do business with them. Other operators opted to pay the ransom fee and hoped that if they remained quiet the attacks would not occur again.

Canbet.com in October became the first British company to report that it's been attacked. The company contacted the NHCTU and provided data that was instrumental in tracking down the three arrested culprits. Taking advice from the NHCTU, they completed money transfers to the extortionists so that police could follow the money trail.

By February, most of the industry was aware of the problem and was preparing for an onslaught during the Super Bowl.

Inevitably, at one time or another, all of the following online sports book operations reportedly have been hit by a DDoS attack of some degree: William Hill, Coral, Paddy Power, Totalbet, IG Index, Sporting Index, Blue Square, Skybet, Betdaq, Coral, UKbetting, Bet365, Stanley Racing, Sportingbet.com, Centrebet, Betfair, Victor Chandler, Capital Sports, Ladbrokes, Sporting Options, Totalbet, Sportinglife.com, VIP, Bet19, Gameday, Superbook, BetCRIS, BetVSI, Virtual Bookmaker, MVP, V-Wager and Players Superbook.

Last month, Britain's All Party Internet Group released its report on the Computer Misuse Act. Overall the report, which is the result an inquiry begun in March, suggests that the maximum punishments for cyber criminals should be strengthened. The group strongly advises that DDoS attacks become explicit violations of the Computer Misuse Act so that police and courts will take the crime seriously.

Bradley Vallerius

Articles by Bradley P. Vallerius, JD manages For the Bettor Good, a comprehensive resource for information related to Internet gaming policy in the U.S. federal and state governments. For the Bettor Good provides official government documents, jurisdiction updates, policy analysis, and many other helpful research materials. Bradley has been researching and writing about the business and law of internet gaming since 2003. His work has covered all aspects of the industry, including technology, finance, advertising, taxation, poker, betting exchanges, and laws and regulations around the world.

Bradley Vallerius Website